Microsoft fixes critical security bug in Copilot Studio that may have leaked private data
According to experts, Microsoft Copilot Studio had security vulnerabilities that allowed attackers to steal sensitive data from vulnerable endpoints.
Tenable cybersecurity researcher Evan Grant discovered and reported the vulnerability, which is described as an information disclosure flaw resulting from a server-side request forgery (SSRF) attack and is registered as CVE-2024-38206 with a severity score of 8.5.
Copilot Studio is an end-to-end conversational AI platform that allows users to create and customize copilots using natural language or a graphical interface.
Microsoft fixes the bug
Grant described the vulnerability as follows: an abuse of a Copilot feature that makes external web requests.
“In combination with a clever bypass of the SSRF protection, we leveraged this vulnerability to gain access to Microsoft’s internal infrastructure for Copilot Studio, including the Instance Metadata Service (IMDS) and internal Cosmos DB instances,” Grant said.
In layman’s terms, Grant retrieved the instance metadata from Copilot chat messages and used it to grab managed identity access tokens. These in turn gave him access to other internal resources, as well as read/write functionality on a Cosmos DB instance.
“An authenticated attacker could bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network,” Microsoft said in an advisory, essentially acknowledging the bug. Users don’t need to do anything, though, as the bug is being handled on Microsoft’s end.
While the vulnerability does give criminals access to sensitive data, it does not give them access to cross-tenant information, Grant concluded. Still, since the Copilot Studio infrastructure is shared by multiple tenants, it means that multiple customers could theoretically be affected if they have elevated access to Microsoft’s infrastructure.
Microsoft Copilot Studio is part of Microsoft’s broader Copilot initiative, which integrates AI-driven tools across its software suite. Announced in 2023, Copilot Studio will enable organizations and developers to customize Copilot behavior to their specific needs.
Via The Hacker News